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Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the application. 

1 . (currently amended) A method of inter-area rekeying of encryption keys in secure mobile 
multicast communications, comprising: 

at a Domain Group Controller Key Server (Domain GCKS): 

distributing Traffic Encryption Keys (TEK) to a plurality of local Group Controller Key 
Servers (local GCKS) serving respective group key management areas, wherein said local Group 

Controller Key Servers forward said Traffic Encryption Keys, encrypted using Key Encryption 
Keys (KEKi, KEKj) that arc specific to the respective local Group Controller Key Server (local 
GCKSi, GCKSj), to group members situated in the respective group key management areas, and 
wherein said local Group Controller Key Servers (GCKSi, GCKSj) constitute Extra Key Owner 
Lists (EKOLi, EKOLj) for said group key management areas (areai, areaj) that distinguish group 
members (MMi, MMj) possessing Key Encryption Keys (BCEKi, KEKj) and situated in the 
corresponding group key management area (areai, areaj) from group members (MMij) possessing 
Key Encryption Keys (KEK) that were situated in the corresponding group key management 
area (areai) but are visiting another area (areaj); 

forwarding said Traffic Encryption Keys (TEK) to group members (MMy) visiting the 
respective group key management areas (areaj) encrypted using a Visitor Encryption Key (VEKj) 
that is specific to the respective local Group Controller Key Server (GCKSj) and is different from 
said Key Encryption Key (KEKj); and 

sending a new Visitor Encryption Key (VEKj) to a mobile member (MMij) arriving in the 
corresponding group key management area (areaj) if there is no other mobile member (MM ij.) 
situated in the corresponding group key managomont area (aroo^) and if when a current Visitor 
Encryption Key (VEKj) exists that and the current Visitor Encryption Key (VEKj ) has already 
been used to encrypt a previous Traffic Encryption Key (TEK), wherein only one new VEKj 
value is derived regardless of the number of new mobile members that enter the group key 
management area (areaj ^). 
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2. (previously presented) A method as claimed in claim 1, further comprising rekeying said 
Traffic Encryption Keys (TEK) after rekeying said Key Encryption Key (ICEKi, BCEKj). 

3. (previously presented) A method as claimed in claim 1, wherein said local Group Controller 
Key Servers (GCKSi, GCKSj) rekey a Key Encryption Key (KEK, KEKj) by a process 
comprising sending a new Key Encryption Key (KEK, KEKj) to current group members 
encrypted using the current Key Encryption Key (KEKi, KEKj) and to mobile members 
using the Visitor Encryption Key (VEK, VEKj). 

4. (previously presented) A method as claimed in claim 1, wherein said local Group Controller 
Key Server GCKSi sends the Visitor Encryption Key (VEK) rather than the Key Encryption 
Key (KEKi) to new members joining the group via areai. 

5. (previously presented) A method as claimed in claim 3, wherein said local Group Controller 
Key Servers (GCKSi, GCKSj, rckcy a Key Encryption Key (KEKj, KEKj) by a process 
comprising sending said new Key Encryption Key (KEKi, KEKj) selectively to existing 
group members situated in the corresponding group key management area (areaj, areaj). 

6. (previously presented) A method as claimed in claim 3, wherein said local Group Controller 
Key Servers (GCKSi, GCKSj) rekey a Key Encryption Key (KEK, KEKj) by a process 
comprising sending said new Key Encryption Key (KEK, KEKj) to existing group members 
using multicast messages and to said visiting mobile members over a different secure 
channel. 

7. (previously presented) A method as claimed in claim 3, wherein rekeying a Key Encr5^tion 
Key (KEKi, KEKj) comprises said local Group Controller Key Servers (GCKSi, GCKSj) 
sending a new Key Encryption Key (KEKi, KEKj) selectively to current group members 
currently situated in the corresponding group key management areas (areai, areaj). 

8. (previously presented) A method as claimed in claim 3 further comprising constituting 
Visitor Key Owner Lists (VKOLi, VKOLj) for said group key management areas (areai, 
areaj) that distinguish group members (MMi, MMj) possessing Visitor Encryption Keys 
(VEKi, VEKj) and situated in the corresponding group key management area (areai, areaj) 
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from group members (MMij) possessing Visitor Encryption Keys (VEKi) that were situated 
in the corresponding group key management area (areai) but are visiting another area (areaj). 

9. (previously presented) A method as claimed in claim 8^^ wherein said Extra Key Owner Lists 
(EKOLi, EKOLj) and said Visitor Key Owner Lists (VKOLi, VKOLj) comprise lists of the 
group members (MMij)^ possessing Key Encryption Keys (KEK l respectivel y and Visitor 
Encryption Keys (VEK, VEKj) respectively, that were situated in the corresponding group 
key management area (areai) but are visiting another area (areaj). 

10. (previously presented) A method as claimed in claim 1, wherein a group member (MMij) 
that was visiting another group key management area (areaj) returns to an area (areai) for 
which it possesses a corresponding Key Encryption Key (KEKi) or Visitor Encryption Key 
(VEKi) before expiry of a validity period set by the corresponding Group ConfroUer Key 
Server (GCKSi) without said corresponding Group ConfroUer Key Server (GCKSi) rekeying 
said Key Encryption Key (KEKi). 
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